Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Gitlab datasource #883

Merged
merged 0 commits into from
Nov 19, 2022
Merged

Add Gitlab datasource #883

merged 0 commits into from
Nov 19, 2022

Conversation

keshav-space
Copy link
Member

closes #836

@keshav-space keshav-space added the VulnTotal Tool for cross-validating vulnerability label Aug 26, 2022
@keshav-space keshav-space self-assigned this Aug 26, 2022
@keshav-space keshav-space changed the title Gitlab datasource Add Gitlab datasource Aug 26, 2022
@keshav-space keshav-space linked an issue Aug 26, 2022 that may be closed by this pull request
Add GitLab DataSource #836
Closed
@keshav-space keshav-space force-pushed the gitlab_datasource branch 4 times, most recently from cd1ee0b to 06265f6 Compare August 28, 2022 09:51
TG1999
TG1999 requested changes Sep 5, 2022
View reviewed changes
vulntotal/datasources/gitlab.py Outdated
os.remove(response.location)


def clear_download(location):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add docstring

vulntotal/datasources/gitlab.py Outdated
return f"{ecosystem}/{package_name}"


def download_subtree(package_slug: str, speculative_execution=False):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add docstring

vulntotal/datasources/gitlab.py Outdated
}


def get_package_slug(purl):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add docstring

vulntotal/datasources/gitlab.py Outdated
shutil.rmtree(location)


def get_casesensitive_slug(path, package_slug):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add docstring

vulntotal/datasources/gitlab.py Outdated

while hasnext:
response = requests.post(url, json=payload).json()
paginated_tree = response[0]["data"]["project"]["repository"]["paginatedTree"]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

check get_item

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

well, that won't work here.

>>> from vulnerabilities.utils import get_item
>>> data = [
...   {
...     "data": {
...       "project": {
...         "repository": {
...           "paginatedTree": {
...             "pageInfo": {
...               "endCursor": "e1d88bf61d8f6e2d39bdae52121d2c19e0a86ea6",
...               "startCursor": "",
...               "hasNextPage": True
...             },
...             "nodes": [
...               {
...                 "trees": {
...                   "nodes": [
...                     {
...                       "flatPath": "pypi/AccessControl"
...                     },
...                     {
...                       "flatPath": "pypi/Acqusition"
...                     },
...                     {
...                       "flatPath": "pypi/Beaker"
...                     }
...                   ]
...                 }
...               }
...             ]
...           }
...         }
...       }
...     }
...   }
... ]
>>> get_item(data, 0, 'data', 'project', 'repository', 'paginatedTree')
dictionary must be of type `dict

Copy link
Contributor

@TG1999 TG1999 Sep 6, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I meant this

Suggested change
paginated_tree = response[0]["data"]["project"]["repository"]["paginatedTree"]
assert len(response) > 0
data = response[0]
paginated_tree = get_item(data, "data", "project", "repository", "paginatedTree")

You are not checking if the item you are accesing exists in the dictionary or not

vulntotal/datasources/gitlab.py Outdated
paginated_tree = response[0]["data"]["project"]["repository"]["paginatedTree"]

for slug in paginated_tree["nodes"][0]["trees"]["nodes"]:
if slug["flatPath"].lower() == package_slug.lower():
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

check get_item

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://github.com/nexB/vulnerablecode/pull/883#discussion_r963588542

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Check my comment above for same.

vulntotal/datasources/gitlab.py Outdated


def parse_interesting_advisories(location, version, delete_download=False) -> Iterable[VendorData]:
path = Path(location)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add docstring

vulntotal/datasources/gitlab.py Outdated
if package_slug.lower().startswith(slug["flatPath"].lower()):
return get_gitlab_style_slug(slug["flatPath"], package_slug)

payload[0]["variables"]["nextPageCursor"] = paginated_tree["pageInfo"]["endCursor"]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

check get_item

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://github.com/nexB/vulnerablecode/pull/883#discussion_r963588542

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Check my comment above for same.

@TG1999
Copy link
Contributor

TG1999 commented Sep 5, 2022

Add doctsrings for all the functions and also add doctests/ unit tests for functions which have not been tested at all

@keshav-space keshav-space mentioned this pull request Oct 12, 2022
Closed
9 tasks
@pombredanne pombredanne merged commit 3664c3e into aboutcode-org:vulntotal Nov 19, 2022
@keshav-space keshav-space deleted the gitlab_datasource branch January 10, 2023 11:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TG1999 TG1999 TG1999 requested changes

@pombredanne pombredanne Awaiting requested review from pombredanne

@Hritik14 Hritik14 Awaiting requested review from Hritik14

@sbs2001 sbs2001 Awaiting requested review from sbs2001

Assignees

@keshav-space keshav-space

Labels
VulnTotal Tool for cross-validating vulnerability
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add GitLab DataSource
3 participants
@keshav-space @TG1999 @pombredanne